[Federal Register Volume 78, Number 164 (Friday, August 23, 2013)]
[Notices]
[Pages 52553-52556]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2013-20635]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
[Docket No. DHS-2013-0058]
Privacy Act of 1974; Department of Homeland Security/ALL-035
Common Entity Index Prototype System of Records
AGENCY: Privacy Office, Department of Homeland Security.
ACTION: Notice of Privacy Act System of Records.
-----------------------------------------------------------------------
SUMMARY: In accordance with the Privacy Act of 1974, the Department of
Homeland Security proposes to establish a new Department of Homeland
Security system of records titled, ``Department of Homeland Security/
ALL--035 Common Entity Index Prototype System of Records.'' This system
of records allows the Department of Homeland Security to correlate
identity data from select component-level systems and organizes key
identifiers that the Department of Homeland Security has collected
about that individual. This correlation and consolidation of identity
data will facilitate DHS's ability to carry out its missions with
appropriate access control. DHS is building a prototype with an initial
set of data for testing and evaluation purposes. If the system passes
the testing and evaluation stage and DHS moves to an operational
system, either this system will be updated or a new system of records
notice will be published.
DATES: Submit comments on or before September 23, 2013. This new
prototype system will be effective September 23, 2013.
ADDRESSES: You may submit comments, identified by docket number DHS-
2013-0058 by one of the following methods:
Federal e-Rulemaking Portal: http://www.regulations.gov.
Follow the instructions for submitting comments.
Fax: 202-343-4010.
Mail: Jonathan R. Cantor, Acting Chief Privacy Officer,
Privacy Office, Department of Homeland Security, Washington, DC 20528.
Instructions: All submissions received must include the agency name
and docket number for this rulemaking. All comments received will be
posted without change to http://www.regulations.gov, including any
personal information provided.
Docket: For access to the docket to read background documents or
comments received, please visit http://www.regulations.gov.
FOR FURTHER INFORMATION CONTACT: For questions, please contact:
Jonathan R. Cantor, (202) 343-1717, Acting Chief Privacy Officer,
Privacy Office, Department of Homeland Security, Washington, DC 20528.
SUPPLEMENTARY INFORMATION:
I. Background
In accordance with the Privacy Act of 1974, 5 U.S.C. 552a, the
Department of Homeland Security (DHS) proposes to establish a new DHS
system of records titled, ``DHS/ALL--035 Common Entity Index Prototype
(CEI Prototype).''
The purpose of this prototype is to determine the feasibility of
establishing a centralized index of select biographic information that
will allow DHS to provide a consolidated and correlated record, thereby
facilitating and improving DHS's ability to carry out its national
security, homeland security, law enforcement, and benefits missions.
The ability to perform this task across multiple data sets increases
the speed and efficiency of this work and contributes to DHS's
readiness and effectiveness in carrying out its national security,
homeland security, law enforcement, and benefits missions.
Since 2007, DHS has operated under the ``One DHS'' policy that was
implemented to afford DHS personnel timely access to the relevant and
necessary homeland-security information they need to successfully
perform their duties. Since this information is subject to privacy,
civil rights and civil liberties, and other legal protections, DHS
personnel requesting such information must: (1) Have an authorized
purpose, authorized mission, and need to know for accessing the
information in the performance of his or her duties; (2) possess the
requisite security clearance; and (3) assure adequate safeguarding and
protection of the information. In the past, however, this access was
limited, time intensive, and required personnel to log on and query
separate databases in order to determine the extent of DHS holdings
pertaining to a particular individual.
The CEI Prototype will expedite this time-consuming process by
correlating identity information from select DHS source system data
sets, resolving differences in the data, and consolidating the data as
a more comprehensive identity record about an individual, including
reference to the relevant source system records. The correlations to be
made will be based on biographic linkages contained within the source
system data. The CEI Prototype is being tested and evaluated by DHS to
determine whether it can successfully result in a more authoritative
and complete biographic picture of the individual about whom
information is sought. The resulting correlation will be maintained in
the CEI Prototype system of records.
The CEI Prototype will correlate biographic data, including full
name, date of birth, country of birth, government issued document
number(s), phone number, physical address, and email address when
available in the source systems. This information will be organized
into an updated, common record pertaining to a specific individual. The
CEI Prototype thus provides a consolidated, correlated identity record
derived from DHS holdings that can then be evaluated for a specific
purpose or DHS mission activity. The CEI Prototype uses technical
access controls to provide results to a user's query that are based on
that user's need to know.
This approach ensures the appropriate privacy, policy, and
safeguarding requirements are applied to the new record. The DHS
Privacy Office, Office for Civil Rights and Civil Liberties, Office of
the General Counsel, and Office of Policy, in coordination with DHS
components, will provide policy recommendations and/or oversight of the
correlation process, and
[[Page 52554]]
evaluate the effectiveness of the prototype.
Initially, DHS will use certain biographic data elements and
necessary meta data from the following source data sets to populate the
CEI Prototype: (1) U.S. Customs and Border Protection (CBP)'s
Electronic System for Travel Authorization (ESTA), covered by the DHS/
CBP-009--Electronic System for Travel Authorization (ESTA) SORN (July
30, 2012, 77 FR 44642); (2) U.S. Immigration and Customs Enforcement
(ICE)'s Student and Exchange Visitor Information System (SEVIS),
covered by the DHS/ICE-001--Student and Exchange Visitor Information
System SORN (January 5, 2010, 75 FR 412); and (3) U.S. Transportation
Security Administration (TSA)'s Alien Flight Student Program (AFS),
covered by the DHS/TSA-002--Transportation Security Threat Assessment
System SORN (May 19, 2010, 75 FR 28046). These three data sets were
identified for the prototype in order to demonstrate how data sets from
different components can be correlated while maintaining appropriate
access controls. If additional data sets are added to the CEI
Prototype, this SORN will be updated. If, based on the results of the
CEI prototype, DHS creates an operational system, either this SORN will
be updated or a new SORN will be published.
For the CEI Prototype, DHS has published limited routine uses but
none that are intended to allow mission-related sharing for national
security, homeland security, law enforcement, and benefits purposes.
Such sharing is not appropriate for a prototype. The information
contained in the CEI Prototype may be shared from the source system
pursuant to the appropriate routine uses.
II. Privacy Act
The Privacy Act embodies fair information practice principles in a
statutory framework governing the means by which Federal Government
agencies collect, maintain, use, and disseminate individuals' records.
The Privacy Act applies to information that is maintained in a ``system
of records.'' A ``system of records'' is a group of any records under
the control of an agency from which information is retrieved by the
name of an individual or by some identifying number, symbol, or other
unique identifier particular to the individual. In the Privacy Act, an
individual is defined to encompass U.S. citizens and lawful permanent
residents. As a matter of policy, DHS extends administrative Privacy
Act protections to all individuals when systems of records maintain
information on U.S. citizens, lawful permanent residents, and visitors.
Below is the description of the DHS/ALL--035 Common Entity Index
Prototype System of Records.
In accordance with 5 U.S.C. 552a(r), DHS has provided a report of
this system of records to the Office of Management and Budget and to
Congress.
System of Records
Department of Homeland Security (DHS)/ALL-035.
System name:
DHS/ALL-035 Common Entity Index Prototype (CEI Prototype).
Security classification:
Sensitive and unclassified.
System location:
Records are maintained at the DHS Headquarters in Washington, DC,
DHS data centers in Stennis, Mississippi, and in locations where DHS
and its components conduct business.
Categories of individuals covered by the system:
Categories of individuals covered by this system include:
(1) foreign nationals who may seek to enter the United States by
air or sea under the Visa Waiver Program;
(2) prospective, current, and former non-immigrants to the United
States on an F-1, M-1, or J-1 class of admission and their dependents
who have been admitted under an F-2, M-2, or J-2 class of admission
(collectively, F/M/J non-immigrants);
(3) a proxy, parent or guardian of an F/M/J nonimmigrant; and
(4) aliens or other individuals designated by DHS/Transportation
Security Administration (TSA), including lawful permanent residents
(LPR), who apply for flight training or recurrent training.
F nonimmigrants are foreign students pursuing a full course of
study in a college, university, seminary, conservatory, academic high
school, private elementary school, other academic institution, or
language training program in the United States (U.S.) that Student and
Exchange Visitor Program (SEVP) has certified to enroll foreign
students. M nonimmigrants are foreign students pursuing a full course
of study in a vocational or other recognized nonacademic institution
(e.g., technical school) in the U.S. that SEVP has certified to enroll
foreign students. J nonimmigrants are foreign nationals selected by a
sponsor that the Department of State (DOS) has designated to
participate in an exchange visitor program in the U.S.
Categories of records in the system:
(1) Correlation created by the Common Entity Index Prototype
includes
Identity information;
Meta Data related to the
[cir] source system name,
[cir] system identification number to tie the biographic
information back to the source system record, and
[cir] date the record was ingested into the CEI Prototype.
(2) Source system data elements:
Full Name;
Alias(es);
Gender;
Date of Birth;
Country of Birth;
Country of Citizenship;
Phone Number;
Physical Address;
Email Address;
Fingerprint Identification Number; and
Document Type, Number, Date, and Location of Issuance for
the following types of government issued documents:
[cir] Passport;
[cir] Driver's License;
[cir] Electronic System for Travel Authorization (ESTA);
[cir] Student and Exchange Visitor Information System (SEVIS) ;
[cir] Alien Registration; and
[cir] Visa.
Authority for maintenance of the system:
Homeland Security Act, 6 U.S.C. 343; Clinger-Cohen Act of 1996,
Public Law 104-106, codified at 40 U.S.C. 11101, et. seq.
Purpose(s):
The purpose of this prototype is to determine the feasibility of
establishing a centralized index of select biographic information that
will allow DHS to provide a consolidated and correlated identity,
thereby facilitating and improving DHS's ability to carry out its
national security, homeland security, law enforcement, and benefits
missions.
Routine uses of records maintained in the system, including categories
of users and the purposes of such uses:
In addition to those disclosures generally permitted under 5 U.S.C.
552a(b) of the Privacy Act, all or a portion of the records or
information contained in this system may be disclosed outside DHS as a
routine use pursuant to 5 U.S.C. 552a(b)(3) as follows, except, to the
extent any of the data contained in the CEI Prototype relates to
refugees, asylum seekers, and asylees, such information may not be
[[Page 52555]]
disclosed outside DHS as a routine use pursuant to 5 U.S.C. 552a(b)(3),
but is subject, as a matter of policy, to the confidentiality
provisions of 8 CFR 208.6.
A. To the Department of Justice (DOJ), including U.S. Attorney
Offices, or other federal agencies conducting litigation or in
proceedings before any court, adjudicative, or administrative body,
when it is relevant or necessary to the litigation and one of the
following is a party to the litigation or has an interest in such
litigation:
1. DHS or any component thereof;
2. Any employee or former employee of DHS in his/her official
capacity;
3. Any employee or former employee of DHS in his/her individual
capacity when DOJ or DHS has agreed to represent the employee; or
4. The United States or any agency thereof.
B. To a congressional office from the record of an individual in
response to an inquiry from that congressional office made at the
request of the individual to whom the record pertains.
C. To the National Archives and Records Administration (NARA) or
General Services Administration pursuant to records management
inspections being conducted under the authority of 44 U.S.C. Sec. Sec.
2904 and 2906.
D. To appropriate agencies, entities, and persons when:
1. DHS suspects or has confirmed that the security or
confidentiality of information in the system of records has been
compromised; and
2. DHS has determined that as a result of the suspected or
confirmed compromise, there is a risk of identity theft or fraud, harm
to economic or property interests, harm to an individual, or harm to
the security or integrity of this system or other systems or programs
(whether maintained by DHS or another agency or entity) that rely upon
the compromised information; and
3. The disclosure made to such agencies, entities, and persons is
reasonably necessary to assist in connection with DHS's efforts to
respond to the suspected or confirmed compromise and prevent, minimize,
or remedy such harm.
E. To contractors and their agents, grantees, experts, consultants,
and others performing or working on a contract, service, grant,
cooperative agreement, or other assignment for DHS, when necessary to
accomplish an agency function related to this system of records.
Individuals provided information under this routine use are subject to
the same Privacy Act requirements and limitations on disclosure as are
applicable to DHS officers and employees.
Disclosure to consumer reporting agencies:
None.
Policies and practices for storing, retrieving, accessing, retaining,
and disposing of records in the system:
Storage:
Records in this system are stored electronically in secure
facilities in a locked drawer behind a locked door. The records may be
stored on magnetic disc, tape, or digital media.
Retrievability:
Records may be retrieved by name or any other unique identifier
assigned to the individual.
Safeguards:
Records in this system are safeguarded in accordance with
applicable rules and policies, including all applicable DHS automated
systems security and access policies. Strict controls have been imposed
to minimize the risk of compromising the information that is being
stored. Access to the computer system containing the records in this
system is limited to those individuals who have a need to know the
information for the performance of their official duties and who have
appropriate clearances or permissions.
Retention and disposal:
The CEI Prototype ingests data from source systems, and correlates
the data into a CEI Prototype identity. Ingested data is retained in
CEI Prototype for no longer than the record retention requirements of
the source systems. The CEI Prototype creates a correlated identity
that is dynamic not static. The ingested data elements that make up
that identity will be subject to the records retention schedules of the
source systems from which they came. By design, the deletion or
correction of these elements at the appropriate time will affect the
correlated record. For example, if a student updates his/her contact
information, the correlation will be updated.
System Manager and address:
Executive Director, DHS Information Sharing Environment Office,
Department of Homeland Security, Washington, DC 20528.
Notification procedure:
Individuals seeking notification of and access to any record
contained in this system of records, or seeking to contest its content,
may submit a request in writing to the Headquarters FOIA Officer, whose
contact information can be found on the Department's official Web site
at http://www.dhs.gov/foia under ``Contacts.'' The individual may
submit the request to the Chief Privacy Officer and Chief Freedom of
Information Act Officer, Department of Homeland Security, 245 Murray
Drive, SW., Building 410, STOP-0655, Washington, DC 20528.
When seeking records about yourself from this system of records or
any other Departmental system of records, your request must conform
with the Privacy Act regulations set forth in 6 CFR part 5. You must
first verify your identity, meaning that you must provide your full
name, current address, and date and place of birth. You must sign your
request, and your signature must either be notarized or submitted under
28 U.S.C. 1746, a law that permits statements to be made under penalty
of perjury as a substitute for notarization. While no specific form is
required, you may obtain forms for this purpose from the Chief Privacy
Officer and Chief Freedom of Information Act Officer, on the
Department's official Web site at http://www.dhs.gov/foia or by calling
toll free 1-866-431-0486. In addition, you should:
Explain why you believe the Department would have
information on you; and
Specify when you believe the records would have been
created.
If seeking records pertaining to another living individual, include
a statement from that individual certifying his/her agreement for you
to access his/her records.
Without the above information, DHS may not be able to conduct an
effective search, and your request may be denied due to lack of
specificity or lack of compliance with applicable regulations.
Record access procedures:
See ``Notification procedure'' above.
Contesting record procedures:
See ``Notification procedure'' above.
Record source categories:
Initially, DHS will use the following source data sets to populate
CEI Prototype: (1) CBP's ESTA, covered by the DHS/CBP-009--Electronic
System for Travel Authorization (ESTA) SORN (July 30, 2012, 77 FR
44642); (2) ICE's SEVIS, covered by the DHS/ICE-001--Student and
Exchange Visitor Information System SORN (January 5, 2010, 75 FR 412);
and (3) TSA's AFS, covered by the DHS/TSA-002--Transportation Security
Threat Assessment System SORN (May 19,
[[Page 52556]]
2010, 75 FR 28046). If additional data sets are added to CEI Prototype,
this SORN will be updated. If deployed for operational use, additional
data sources may be used. DHS will update this SORN or issue a new SORN
prior to the operational use of the system.
Exemptions claimed for the system:
The records maintained in the CEI Prototype are the non-exempt
portions of the records in the source systems because the information
ingested into the CEI Prototype is the information provided directly by
the individual for the requested benefit. When a record received from
another system has been exempted in that source system under
5 U.S.C. 552a(j)(2) or (k)(1), (k)(2), or (k)(5), DHS will claim
the same exemptions for those records that are claimed for the original
primary systems of records from which they originated.
Dated: August 14, 2013.
Jonathan R. Cantor,
Acting Chief Privacy Officer, Department of Homeland Security.
[FR Doc. 2013-20635 Filed 8-22-13; 8:45 am]
BILLING CODE P